Systems and methods for identity validation and verification

ABSTRACT

According to some embodiments, a system and a method of transmitting identity verification information to a merchant include receiving an account identifier from a user in response to the user interacting with a merchant. The user is authenticated based on the account identifier and identity verification information is transmitted to the merchant.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent spplication Ser. No.14/223,603 filed on Mar. 24, 2014 entitled SYSTEMS AND METHODS FORIDENTITY VALIDATION AND VERIFICATION, which has been allowed, and thecontents of which application is hereby incorporated by reference forall purposes.

FIELD

The present disclosure relates to identification and identity validationand verification. In particular, the present disclosure relates tosystems and methods for performing customer identification andcustomer's identity and address validation and verification servicesusing an account identifier and historical information associated withan individual.

BACKGROUND

Around the world, businesses and governments daily contend with the needto verify the identity of their customers or other individuals. In part,this is due to the good business practice of knowing the identity of acustomer before doing business with them. It also is a regulatoryrequirement in many jurisdictions. For example, most countries haveregulations (often referred to as “know your customer” or “KYC”regulations) that impose due diligence requirements on financialinstitutions, government agencies and other regulated companies. The duediligence requirements ensure that these businesses and agencies requiretheir customers to provide detailed identity information beforeproviding certain financial services or other products or services totheir customers. KYC requirements include due diligence requirements toprevent money laundering (referred to as “Anti Money Laundering” rules)and Combating Financing of Terrorism (CFT).

Other business environments also need similar verification requirements.For example, many businesses have a continuing need to verify bank andpayment accounts that are used for either direct debit functionality forrecurring payments (such as bill payments, insurance payments, etc.) andexternal account linking for funds transfer where micro depositvalidation is a common practice but takes too much time because of themanual work involved.

Further, as electronic funds transfer (“EFT”) systems mature, they areimplement “pull EFT/Direct Deposit” functionality that is aimed atallowing merchants to initiate a payment request directly from consumerbank accounts. This process does require a one—time mandate set up andvalidation, which could take a week or so, and involves significantlogistical costs in manually sighting and validating consumer signatureetc. There are also significant costs of archival and retrieval of saiddata. It would be desirable to reduce the time and cost required forsuch activities.

Similarly, external bank account linking, which is used for inter-bankfunds transfer today uses a micro deposit validation into the externalbank account that is manual and time consuming process. It would bedesirable to improve this process.

To satisfy many of these KYC requirements, businesses may require that aconsumer provide information to prove their identity. Such informationmay include, for example, a passport or other government-issuedidentification, one or more items proving their current address, and oneor more items proving their date of birth or other information. Forexample, a consumer who wishes to open a bank account in Singapore maybe required to present their passport, their Singapore National IDnumber, and a copy of one or more items proving their current address.This information is provided to an authorized employee of the bank atwhich the customer wishes to open an account and the employee enters theinformation into the banks KYC systems.

If the customer also wishes to purchase a mobile telephone and/or obtaina new SIM card for a mobile telephone, he is again required to providethe same information proving his identity and address. This can becomeinconvenient and cumbersome for consumers. Further, each merchant,business or other entity that needs to verify the identity of theirconsumers incurs substantial cost and effort in performing theverification as often such customer identification and verificationprocedures are manual in nature.

It would be desirable to provide systems and methods that facilitateauthenticating a user based on his/her identity and address.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart that illustrates a method that may be performedaccording to some embodiments.

FIG. 2 is a block diagram representation of a system that may beprovided according to some embodiments.

FIG. 3 is a block diagram of an identity authentication device accordingto some embodiments.

FIG. 4 is a block diagram of a payment card issuer device according tosome embodiments.

FIG. 5 is a portion of a database according to some embodiments.

FIG. 6 is a portion of a database according to some embodiments.

FIG. 7 is a user interface according to some embodiments.

FIG. 8 is a user interface according to some embodiments.

FIG. 9 is a portion of a network packet according to some embodiments.

FIG. 10 is a portion of a network packet according to some embodiments.

DETAILED DESCRIPTION

To alleviate problems inherent in the prior art, the present embodimentsintroduce systems and methods where a user identity may be verifiedsubstantially in real-time and in the course of a transaction.

The present embodiments may be associated with a “user” who is seekingto access a product or service in which the user's identity (orinformation associated with the user) requires validation. As usedherein, the term “user” might refer to, for example, a person (orentity) who executes transactions with merchants or service providers.As used herein, the term “user account” might refer to, for example, anyfinancial account associated with or controlled by the user to performfinancial transactions. For example, a user account might be a bankaccount, a credit card account, a debit card account, a prepaid account,a loan account, or the like. These, and other, terms will be used todescribe features of the present embodiments by reference to thefollowing detailed description, the appended claims and the drawingsprovided herewith.

For purposes of illustrating features of the present embodiments, asimple example will now be introduced and referenced throughout thedisclosure. In the illustrative example, a customer (named “John Doe”)wishes to sign up for a cellular phone service. John Doe has a bankaccount at his local bank, and he has a MasterCard branded credit cardthat is issued by his bank and that he uses frequently for purchases.The cellular phone service that John wishes to sign up for uses theauthentication techniques described herein. The cellular phone serviceprovider is called “Phone Co.,” and Phone Co. has engaged the servicesof an authentication service called “Authentication Co.” which offersauthentication services pursuant to the embodiments described herein.Those skilled in the art will recognize that this example isillustrative and not limiting and is provided purely for explanatorypurposes.

Turning now in detail to the drawings, FIG. 1 is a flow chart thatillustrates a method 100 that may be performed according to someembodiments. The flow chart in FIG. 1 does not imply a fixed order tothe steps, and embodiments of the present disclosure can be practiced inany order that is practicable. Moreover, the methods may be performed byany of the devices described herein. The method shown in FIG. 1 may beperformed, for example, by the identity authentication device 230 ofFIG. 2 and the identity authentication device 300 FIG. 3.

The authentication method 100 of FIG. 1 may begin at 102, where anaccount identifier is received from a user in response to the userinteracting with a merchant. As used herein, the term “merchant” is usedto refer generally to a merchant or a service provider provideidentification services as described herein. Referring to theillustrative example introduced above, receiving at 102 occurs once JohnDoe (interacting with the Phone Co. website) receives a request from themerchant (i.e., Phone Co.) for an account identifier. The Phone Co.website may redirect John Doe's web browser input to AuthenticationCo.'s website so that John's account identifier may be entered intoAuthentication Co.'s authentication system.

FIG. 2 represents a block diagram 200 of an embodiment of the identityvalidation and verification system of the present disclosure. Referringto FIG. 2, and continuing with the illustrative example, a user such asJohn Doe may use a user device 210, and John may be required to validatehis identity to a merchant via the merchant's website (e.g., a merchantdevice 220 such as a point of sale terminal or webserver) beforeservices can be provided to John.

The user device 210 may comprise, for example, a personal computer (PC),a mobile device (such as a smart phone, a tablet computer, or the like).A user, such as John Doe, may use the user device 210, for example, toregister, to access, or to utilize services offered by the merchant, andmay also use the user device 210 to complete an authentication processpursuant to embodiments described herein. The user device 210 maytransmit information identifying the user (e.g., via a redirect, via anHTTP post, a Web services interaction or the like).

When the user device 210 accesses the merchant's website, as illustratedby flow (1) in FIG. 2, the user device 210 may be redirected to anidentity authentication device 230, as illustrated by flow (2) in FIG.2, and a user, such as John, may enter an account identifier to validatehis identity. In some embodiments, the user may enter an accountidentifier plus associated authentication information for the accountidentifier, such as a password (static or dynamic), a verification value(such as a CVC2, or the like), an expiry date, etc. The identityauthentication device 230 may comprise a server that is associated withAuthentication Co. In one embodiment, the user may enter an accountidentifier, authentication information associated with the accountidentifier, and the user's identification data in the user device 210.In such embodiments, the identity validation and verification on theuser input data may be performed by the payment card issuer 250 via thepayment network 240 and received at the identity authentication device230 in the form of a “success” or “fail” response message.

At the identity authentication device 230, John's account identifier maybe entered. For example, John Doe may be asked to provide a primaryaccount number (or “PAN”) from his MasterCare-branded credit card (e.g.,the 16-digit number embossed or printed on the face of John's card).This information may be entered into Authentication Co.'s authenticationsystem via a webpage displayed on John's computer that points toAuthentication Co.'s authentication system and thus John's PAN will beentered into Authentication Co.'s authentication system for processing.

Referring back to FIG. 1, at 104, the user is authenticated based on theaccount identifier. The authentication may be performed via a processor,such as the processor that will be described with respect to FIG. 3.Referring to FIG. 2, and continuing with the illustrated example, theidentity authentication device 230 may use John Doe's MasterCare-brandedcredit card primary account number to authenticate John.

To authenticate John, the identity authentication device 230 maytransmit an account identifier, such as John's MasterCard® credit cardprimary account number, to a payment card issuer 250 via a paymentnetwork 240, as illustrated at flows (3) and (5) of FIG. 2. The identityauthentication device 230 may transmit a query to the payment cardissuer 250 via the payment network 240 and in response to the query,identity verification information may be transmitted from the paymentcard issuer 250 via the payment network 240 and received at the identityauthentication device 230 as illustrated at flows (4) and (6) of FIG. 2.

For example, John's MasterCard credit card primary account number may betransmitted to a device or system associated with the issuer of thepayment card (payment card issuer 250) via a payment network (such asthe payment network operated by MasterCard or the like). The paymentcard issuer 250 will be described in more detail with respect to FIG. 4and a payment network 240 will be described in more detail with respectto FIG. 9 and FIG. 10.

Referring back to FIG. 1, at 106, identity verification information istransmitted to the merchant. In FIG. 2, and continuing with theillustrated example, the identity authentication device 230 may transmitidentity verification to the merchant 220 as illustrated at flow (7) ofFIG. 2. For example, Authentication Co.'s authentication system maytransmit identity verification information associated with John Doe toPhone Co. where the identity verification information is based on JohnDoe's MasterCard® credit card primary account number.

Authentication Co.'s authentication system may transmit identityverification information comprising (i) government-issued identificationinformation associated with the John and/or (ii) a level of availableidentity verification information associated with John. For example, theauthentication system may transmit John's government-issuedidentification to Phone Co. The government-issued identification maycomprise John's national identification number, such as, but not limitedto, a social security number (“SSN”), a birth certificate number or anyother similar government issued identification. In another example, theauthentication system may transmit a level of available identityverification information associated with John. For example, a level ofavailable identity verification information may indicate that John'sidentification and John's address has been verified within a predefinedtime frame.

Each merchant may require a different specific time frame in which auser's identification and address has been verified by an authenticationsystem. In some embodiments, a user's address may be verified byreceiving or scanning recent items that indicate the user's address suchas, but not limited to, bills that were paid by the user where the billsindicate the user's address. For example, the authentication system mayreceive a heating oil bill, an electric bill, a telephone bill, etc.where each bill indicates the user's home address. The user'sidentification may be verified by a government-issued identificationsuch as, but not limited to, a passport, birth certificate and/ordriver's license that may also indicate the user's home address. Sincesome merchants may require verification of a user's identification tohave been performed within a specific time frame, the authenticationsystem may also store dates associated with when a government-issuedidentification was last reviewed. Time frames will be discussed infurther detail with respect to FIG. 6.

According to some embodiments, FIG. 3 is a block diagram of an identityauthentication device 300, such as the device 230 described with respectto FIG. 2. The identity authentication device 300 may include acommunication device 330 to exchange data over a network to facilitatecommunication with, for example, other devices (such as user device 210and merchant device 220). Note that numerous communication devices 330may be provided (to allow for simultaneous communication with a numberof other devices) and may be preferably configured with hardwaresuitable to physically interface with desired external devices and/ornetwork connections. For example, the communication device 330 maycomprise an Ethernet connection to a local area network, wide areanetwork or other type of network through which the identityauthentication device 300 may receive and transmit information over theInternet and/or over private or proprietary networks.

In addition, the identity authentication device 300 may include anauthentication engine 340 that may communicate with a processor 350. Theprocessor 350 may also be in communication with a local input device(not shown in FIG. 3). The local input device may comprise, for example,a keyboard, a mouse or other pointing device, a switch, an infraredport, a docking station, and/or a touch screen. Such a local inputdevice may be used, for example, to provide rules or values associatedwith authentication rules, or to perform maintenance or modification ofqueries or interfaces for obtaining identification authenticationinformation. The processor 350 may also be in communication with a localoutput device (not shown in FIG. 3). The local output device maycomprise, for example, a display (e.g., a computer monitor), a speaker,and/or a printer. The local output device may be used, for example, togenerate reports and/or export information to be used to generate rulesor values associated with identification authentication rules.

The processor 350 may include or otherwise be associated with dedicatedregisters, stacks, queues, etc. that are used to execute program codeand/or one or more of these elements may be shared there between. Insome embodiments, the processor 350 may comprise an integrated circuit.In some embodiments, the processor 350 may comprise circuitry to performa method such as, but not limited to, the method described with respectto FIG. 1.

The processor 350 may also be in communication with a storage device360. The storage device 360 may comprise any appropriate informationstorage device, including combinations of magnetic storage devices(e.g., magnetic tape and hard disk drives), optical storage devices,and/or semiconductor memory devices such as Random Access Memory (RAM)devices and Read Only Memory (ROM) devices.

The storage device 360 may comprise a non-transitory computer-readablemedium to store a program for controlling the processor 350. The programmay be stored in a compressed, un-compiled and/or encrypted format. Theprogram may furthermore include other program elements, such as anoperating system, a database management system, and/or device driversused by the processor 350 to interface with peripheral devices.

The processor 350 may perform instructions of the program, and therebyoperates in accordance with the present embodiments. For example, theprocessor 350 may receive data associated with a user to beauthenticated, and then use that data to query a payment card issuer viaa payment network, and then present the data to a merchant according tothe rules from an authentication rules database.

The authentication engine 340 may operate to executeprocessor-executable process steps so as to control the identityauthentication device 300 to provide desired functionality. The identityauthentication device 300 further includes a web engine 320 to provide auser interface for a user device 210 to enter information into theidentity authentication device 300. Note that the web engine 320,authentication engine 340, storage 360 and communication device 330 maybe co-located with, or remote from, the identity authentication device300. The identity authentication device 300 may operate in accordancewith any of the embodiments described herein.

FIG. 4 is a block diagram of a payment card issuer device 400, such asthe device 250 described with respect to FIG. 2, according to someembodiments. In this case, the payment card issuer device 400 includes acommunication device 420 to exchange data over a network to facilitatecommunication with, for example, other devices (such as the identityauthentication device 230). The communication device 420, like thecommunication device 330, may comprise an Ethernet connection to a localarea network, wide area network or other type of network through whichthe payment card issuer device 400 may receive and transmit informationover the Internet and/or over private or proprietary networks, such aspayment network 240.

The payment card issuer device 400 may also include a processor 410,like the processor 350. The processor 410 may be in communication with astorage device, such as storage device 430. The storage device 430 maycomprise any appropriate information storage device, includingcombinations of magnetic storage devices (e.g., magnetic tape and harddisk drives), optical storage devices, and/or semiconductor memorydevices such as Random Access Memory (RAM) devices and Read Only Memory(ROM) devices. In some embodiments, storage device 430 may be remotefrom the payment card issuer device 400 and thus, storage device 430 maybe accessible by the identity authentication device 300.

The storage device 430 may store an identity verification database 500and a customer authentication rules database 600. Now referring to FIG.5 and FIG. 6, embodiments of an identity verification database 500 and acustomer authentication rules database 600 are illustrated.

FIG. 5 is a portion of a tabular representation of the identityverification database 500 that may be stored at the payment card issuerdevice 400 according to some embodiments. The database 500 may includeentries related to identify information associated with a plurality ofusers. The database 500 also defines fields 502, 504, 506, 508, 510,512, 514 and 516 for each of the entries. The fields specify: an accountidentifier 502; a government-issued identification 504; a first address506 associated with a first bill, such as an electric bill; a postalcode 508 associated with the first bill; a mailing date 510 associatedwith the first bill; a second address 512 associated with a second bill,such as a telephone bill 512; a postal code 514 associated with thesecond bill; and a second mailing date 516 associated with the secondbill. The information in the identity verification database 500 may becreated and updated, for example, based on information received from oneor more payment processing networks or systems based on transactionsconducted by the plurality of users using those networks or systems. Insome embodiments, the identity verification database 500 may be updatedwhen a user provides identity information to his local bank, his paymentcard issuer, to a payment network, or the like.

The account identifier 502 may be, for example, an alphanumeric codeassociated with a particular payment account (e.g., in the case of acredit card or other payment card, the account identifier may be the PANassociated with the account). The government-issued identification 504may include a social security number, a birth certificate number, apassport number or any other similar government-issued identification.In some embodiments, the identity verification database 500 may define afield for a type of government-issued identification (not shown in FIG.5). The government-issued identification 504 may be an alphanumeric codeuniquely identifying a particular individual. The addresses 506/512,postal codes 508/514 and mailing dates of the bill 510/516 may be usedto identify a user's current address, as well how recent the user'saddress was verified.

FIG. 6 is a portion of a tabular representation of a customerauthentication rules database 600 that may be stored at the devices 400or 300 according to some embodiments. The database 600 includes entriesidentifying one or more rules to be applied by the identityauthentication device 300 to authenticate users on behalf of one or moremerchants. In this manner, the identity authentication device 300 mayperform authentication services on behalf of more than one serviceproviders/merchants, and each merchant may specify differentauthentication rules. The table also defines fields 602, 604, 606, and608 for each of the entries. The fields specify: a merchant identifier602; a time rage 604 requirement associated with how recent the dataassociated with a user needs to be; a required minimum number ofdocuments that contain a confirmed address 606 associated with the user;and a type 608 or types of information that are subject to the timerange 604 requirement. The information in the authentication rulesdatabase 600 may be created and updated by merchants, such as a merchantassociated with the merchant device 220.

The merchant identifier 602 may be, for example, an alphanumeric codeassociated with a particular merchant that seeks to use theauthentication service. The time rage 604 may be based on hours, days,months, years, etc. The number of confirmed documents 606 specifies anumber of documents that contain address information that must beconfirmed for each user. For each document that contains a confirmedaddress, a recent bill might be used to verify a postal code as well asa street address. In some embodiments, the bill might be issued withinthe time rage to be considered qualifying address confirming document.Similarly, if indicated in 608 a government-issued identification aswell an address may also need to be verified within the time range 604.

Referring to the illustrated example in FIG. 5, Phone Co. (e.g.,merchant identifier 2) may require two documents with confirmedaddresses within the past year as illustrated in FIG. 6. Theauthentication system using John Doe's PAN of “5xxxxxxxxxxxxxx1,” maylookup John's information and determine that John has two confirmeddocuments on file, one with a mailing date of 5 Jun. 2013 and one with amailing date of 7 Jun. 2013. Therefore, the authentication system maypass John's government-issued identification of “1001” to Phone. Co.Alternatively, the authentication system may transmit an indication thatJohn's identity information meets their requirements without sending anysensitive information related to John.

FIGS. 7 and 8 illustrate examples of user interfaces 700/800 that may beused in conjunction with the present embodiments. Referring first toFIG. 7, a user interface 700 is shown that includes a header area 702and a form area 704. The form area 704 includes a field to enter anaccount number 706 and a password 708. The account number 706 andpassword 708 may be entered at an identity authentication device, suchas 230, and may be used by a payment card issuer to signify that theuser desires to have his identity authenticated. In some embodiments,the account number 706 and password 708 may be a user's account number706 and a password 708 that are associated with a user account.

Referring to the illustrated example, when John Doe accesses Phone Co.'sweb site, John may be asked to manually enter information such as hisname, address, date of birth, and government-issued identification. Johnmay also have an option to use an identity service as described herein.If John selects the identity service, he may be redirected to anidentity service page where John can enter his MasterCard® PAN.

In the user interface 800 of FIG. 8, a user may be presented with one ormore kinds of identification to be transmitted to a merchant. The usermay select the type of information to be sent to a merchant (e.g.,confirm his permission to send this data). In the form shown in FIG. 8,the user may be prompted with a plurality of check boxes 806 anddescriptions 808 associated with each type of data to be transmitted tothe merchant.

Referring again to the illustrative example introduced above, John Doe,after providing his MasterCard® payment card login information, asillustrated in FIG. 7, may be presented with the user interface of FIG.8 to verify which information John approves to be sent to the merchant.The user interface 800 may indicate to John that Phone Co. is requestingthe following information to be shared: Government ID, Electric BillInformation and Telephone Information. John may select specificinformation, using the check boxes 806 to confirm that the specificinformation will be sent to Phone Co. Once John clicks Submit, anauthenticated message is directed to the identity authentication device230, which can then share the information requested in a standard formatto the merchant.

Establishing and adhering to KYC requirements may be a significant costfor most businesses and by using a payment card service to validateidentity, such as a MasterCard platform to securely retrieve andvalidate users identity, businesses & Governments can save on identityvalidation costs, physical infrastructure and personnel, and have betterconversion for their sales processes. Consumers may benefit from havinga single service that allows a user to sign up online, without having toenter identity validation data repeatedly. A user can store his identifyvalidation data with a financial institution that they trust, and bankwith so that information to be shared securely with other entities thatthe user does business with.

FIGS. 9 and 10 relate to a network packet 900 that may be sent over apayment network, such as payment network 240. The payment network maycomprise a communication network such as a Local Area Network (LAN), aMetropolitan Area Network (MAN), a Wide Area Network (WAN), aproprietary network, a Public Switched Telephone Network (PSTN), aWireless Application Protocol (WAP) network, a Bluetooth network, acable television network, or an Internet Protocol (IP) network such asthe Internet, an intranet or an extranet. Moreover, as used herein,communications include those enabled by wired or wireless technology.Although a payment network 240 is illustrated as a single communicationnetwork, any number of such networks may be included in the paymentnetwork.

The network packet 900 may be used to transmit data on the paymentnetwork and may be based on an ISO 8583 network packet. The networkpacket 900 may comprise information derived from a payment card (e.g.,an account number), a terminal (e.g., the merchant number) together withother data. Conventional ISO 8583-based network packets are used toeither authorize or decline a transaction and generate a response to bedelivered back to the terminal. Conventional ISO 8583 packets furtherdefine a format that comprises a Message Type Indicator (MTI) 902, oneor more bitmaps 904, indicating which data elements are present, and thedata of the message 906.

As illustrated in FIG. 10, the network packet 900 may comprise a messagetype indicator 902 that comprises four positions 902A, 902B, 902C, and902D that may be used to indicate that the network packet 900 is sendingidentity service information instead of information associated withauthorizing or declining a transaction. This may be accomplished byutilizing a unique MTI code for sending an identity service message anda unique MTI code for returning identity service messages.

The present embodiments allow the authentication of a user,substantially in real time, during a registration process. Further, thepresent embodiments allow such authentication to be performed for anentity (such as a merchant) which has no prior or direct businessrelationship with the user. The present embodiments may authenticate auser with a minimal amount of information that needs to be provided bythe user during the registration process (e.g., in some embodiments, allthat is required is an account number). The present authenticationsystem may avoid a need to wait for further authentication, allowing auser to quickly access services, and allowing a merchant (e.g., aservice provider) to safely authenticate the user prior to providingaccess to its services.

Although the present disclosure has been described in connection withspecific exemplary embodiments, it should be understood that variouschanges, substitutions, and alterations apparent to those skilled in theart can be made to the disclosed embodiments without departing from thespirit and scope of the disclosure as set forth in the appended claims.

What is claimed is:
 1. A method for operating a merchant device tovalidate user provided identity information, the method comprising:receiving an account identifier from a user; transmitting anidentification request message to an identity service, theidentification request message including the account identifier,information identifying the merchant, and information to identify one ormore authentication rules associated with the merchant; receiving anidentification response message from the identity service, theidentification response message including identification informationassociated with the user, the identification information based at leastin part on (i) information received from an issuer of the accountidentified by the account identifier and (ii) information responsive tothe one or more authentication rules associated with the merchant; andpresenting a response to the user indicating whether the user identityhas been successfully validated pursuant to the one or moreauthentication rules associated with the merchant.
 2. The method ofclaim 1, wherein the identification information associated with the userreceived with the identification response message includes an indicatorsignifying that the identity service validated the user identity.
 3. Themethod of claim 1, wherein the identification information associatedwith the user received with the identification response message includesat least user name and address information.
 4. The method of claim 3,further comprising: analyzing the user name and address informationreceived in the identification response message to validate the useridentity.
 5. The method of claim 1, wherein the one or moreauthentication rules is a rule that identifies a verification date rangethat is acceptable to the merchant.
 6. The method of claim 5, whereinthe identification information associated with the user received withthe identification response message includes an indicator signifyingthat the identity service validated the user identity and an indicatorsignifying that the verification date range was satisfied.
 7. The methodof claim 5, wherein the identification information associated with theuser received with the identification response message includes at leastuser name and address information and a verification date associatedwith the user name and address information.
 8. The method of claim 1,wherein the one or more authentication rules associated with themerchant include one or more authentication rules associated with agroup of merchants including the merchant.
 9. The method of claim 1,wherein the one or more authentication rules associated with themerchant include a rule that identifies a number of documents havingconfirmed addresses of the user.
 10. The method of claim 1, furthercomprising: receiving, from the user, an identification of the types ofinformation the user consents to allow the identity service to providein generating the identification response message.
 11. A merchantdevice, comprising: a processor; and a storage device in communicationwith the processor and storing instructions adapted to be executed bythe processor to: receive an account identifier from a user; transmit anidentification request message to an identity service, theidentification request message including the account identifier,information identifying the merchant, and information to identify one ormore authentication rules associated with the merchant; receive anidentification response message from the identity service, theidentification response message including identification informationassociated with the user, the identification information based at leastin part on (i) information received from an issuer of the accountidentified by the account identifier and (ii) information responsive tothe one or more authentication rules associated with the merchant; andpresent a response to the user indicating whether the user identity hasbeen successfully validated pursuant to the one or more authenticationrules associated with the merchant.
 12. The merchant device of claim 11,wherein the identification information associated with the user receivedwith the identification response message includes an indicatorsignifying that the identity service validated the user identity. 13.The merchant device of claim 11, wherein the identification informationassociated with the user received with the identification responsemessage includes at least user name and address information.
 14. Themerchant device of claim 13, further comprising instructions adapted tobe executed by the processor to: analyze the user name and addressinformation received in the identification response message to validatethe user identity.
 15. The merchant device of claim 11, wherein the oneor more authentication rules is a rule that identifies a verificationdate range that is acceptable to the merchant.
 16. The merchant deviceof claim 15, wherein the identification information associated with theuser received with the identification response message includes anindicator signifying that the identity service validated the useridentity and an indicator signifying that the verification date rangewas satisfied.
 17. The merchant device of claim 15, wherein theidentification information associated with the user received with theidentification response message includes at least user name and addressinformation and a verification date associated with the user name andaddress information.
 18. A computer-readable medium storing instructionsadapted to be executed by a processor to perform a method for operatinga merchant device to validate user provided identity information, themethod comprising: receiving an account identifier from a user;transmitting an identification request message to an identity service,the identification request message including the account identifier,information identifying the merchant, and information to identify one ormore authentication rules associated with the merchant; receiving anidentification response message from the identity service, theidentification response message including identification informationassociated with the user, the identification information based at leastin part on (i) information received from an issuer of the accountidentified by the account identifier and (ii) information responsive tothe one or more authentication rules associated with the merchant; andpresenting a response to the user indicating whether the user identityhas been successfully validated pursuant to the one or moreauthentication rules associated with the merchant.
 19. The merchantdevice of claim 18, wherein the identification information associatedwith the user received with the identification response message includesan indicator signifying that the identity service validated the useridentity.
 20. The merchant device of claim 18, wherein theidentification information associated with the user received with theidentification response message includes at least user name and addressinformation.